Fixed vs. Variable-length patterns for detecting suspicious process behavior

Hervé Debar, Marc Dacier, Mehdi Nassehi, Andreas Wespi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Citations (Scopus)

Abstract

This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. These models can be used for intrusion detection purposes. In a previous work, we presented a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Using this method, we propose various techniques to generate either fixed-length or variable-length patterns. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Verlag
Pages: 1-15
Number of pages: 15
Volume: 1485
ISBN (Print): 3540650040, 9783540650041
DOIs
Publication status: Published - 1998
Externally published: Yes
Event: 5th European Symposium on Research in Computer Security, ESORICS 1998 - Louvain-la-Neuve, Belgium
Duration: 16 Sep 1998 - 18 Sep 1998

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 1485
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 5th European Symposium on Research in Computer Security, ESORICS 1998
Country: Belgium
City: Louvain-la-Neuve
Period: 16/9/98 - 18/9/98

Fingerprint

Intrusion detection
Intrusion Detection
Testbeds
Testbed
Model
Experiment
Experiments

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Debar, H., Dacier, M., Nassehi, M., & Wespi, A. (1998). Fixed vs. Variable-length patterns for detecting suspicious process behavior. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1485, pp. 1-15). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 1485). Springer Verlag. https://doi.org/10.1007/BFb0055852

@inproceedings{bd380178419047a3ac16c689760bf55a,
title = "Fixed vs. Variable-length patterns for detecting suspicious process behavior",
abstract = "This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. These models can be used for intrusion detection purposes. In a previous work, we presented a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Using this method, we propose various techniques to generate either fixed-length or variable-length patterns. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.",
author = "Herv{\'e} Debar and Marc Dacier and Mehdi Nassehi and Andreas Wespi",
year = "1998",
doi = "10.1007/BFb0055852",
language = "English",
isbn = "3540650040",
volume = "1485",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "1--15",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Fixed vs. Variable-length patterns for detecting suspicious process behavior

AU - Debar, Hervé

AU - Dacier, Marc

AU - Nassehi, Mehdi

AU - Wespi, Andreas

PY - 1998

Y1 - 1998

N2 - This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. These models can be used for intrusion detection purposes. In a previous work, we presented a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Using this method, we propose various techniques to generate either fixed-length or variable-length patterns. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.

UR - http://www.scopus.com/inward/record.url?scp=84958752009&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84958752009&partnerID=8YFLogxK

U2 - 10.1007/BFb0055852

DO - 10.1007/BFb0055852

M3 - Conference contribution

AN - SCOPUS:84958752009

SN - 3540650040

SN - 9783540650041

VL - 1485

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 15

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

PB - Springer Verlag

ER -